Based on those rules we are able to generate a dictionary file, and try to crack the password. However in this case it is not critical beacuse this is a webapplication. We have:
26 x 26 x 6 x 26 x 26 x 100 = 274185600 possible combinations, so the dictionary file would be around 2.2 GB size. Yep, it seems like a lot of time, but in case of flaws in the randomness of the string generation we could probally shorten the amount of time needed to crack it - i need to examine it deeper. To sum up, it does not seem to be a threat (for now) but those patterns definitely should have not appear in that function.